Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/0a627e-c40a-4590-8c9a-696e3d188f2a/1/SmGyVD5pzfI0P6hHdE1wrlwGc4E.roa
File:                     SmGyVD5pzfI0P6hHdE1wrlwGc4E.roa (raw, json)
Hash identifier:          OyNw/4G/3lGLm44FyMow/KPB/WiDAWwN/lsjR7AQZ1g=
Subject key identifier:   4A:61:B2:54:3E:69:CD:F2:34:3F:A8:47:74:4D:70:AE:5C:06:73:81
Certificate issuer:       /CN=d6cce89eea451b8294a8bb697c4993ae44d05c6f
Certificate serial:       018CC7943265E0956B8BEDD81CB5A0E87FE8
Authority key identifier: D6:CC:E8:9E:EA:45:1B:82:94:A8:BB:69:7C:49:93:AE:44:D0:5C:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1szonupFG4KUqLtpfEmTrkTQXG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/0a627e-c40a-4590-8c9a-696e3d188f2a/1/SmGyVD5pzfI0P6hHdE1wrlwGc4E.roa
Signing time:             Tue 02 Jan 2024 00:30:27 +0000
ROA not before:           Tue 02 Jan 2024 00:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49544
IP address blocks:        45.85.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/0a627e-c40a-4590-8c9a-696e3d188f2a/1/1szonupFG4KUqLtpfEmTrkTQXG8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/0a627e-c40a-4590-8c9a-696e3d188f2a/1/1szonupFG4KUqLtpfEmTrkTQXG8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1szonupFG4KUqLtpfEmTrkTQXG8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 07:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:32:65:e0:95:6b:8b:ed:d8:1c:b5:a0:e8:7f:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6cce89eea451b8294a8bb697c4993ae44d05c6f
        Validity
            Not Before: Jan  2 00:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a61b2543e69cdf2343fa847744d70ae5c067381
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:d1:ab:0c:32:0d:95:2f:94:1a:e6:94:ab:30:
                    82:92:5d:97:fd:ea:df:72:96:40:ea:c7:e0:e6:c1:
                    ef:b1:64:77:99:cf:38:9d:c3:52:7c:9e:ee:9a:6c:
                    39:de:01:ea:cc:8a:bf:c5:eb:28:2e:05:99:eb:d0:
                    48:3f:21:18:d6:85:74:eb:8a:07:51:ee:ef:5c:13:
                    83:bc:b3:88:40:fd:2c:10:38:ac:5a:98:b5:a0:6f:
                    0f:40:20:ba:ed:17:a1:51:c6:09:42:a6:b1:c8:74:
                    7d:ee:72:23:5a:28:f2:0e:99:46:0d:65:37:07:f2:
                    a2:b7:4e:85:dd:ae:24:29:a4:a5:8e:7e:a1:93:b1:
                    d4:4a:09:20:6d:f7:a0:fc:58:aa:bd:fa:1e:b3:20:
                    04:7c:d0:0c:25:90:45:7f:88:40:ba:85:5d:af:29:
                    c5:09:26:d8:76:68:c0:68:96:f4:fe:63:01:d3:6c:
                    1a:71:de:65:6f:ed:18:59:b2:49:e3:e8:e8:ae:2d:
                    1d:14:2b:0a:0d:a2:02:4a:cc:27:4c:76:2a:a2:9c:
                    56:cc:09:39:96:c9:af:fb:35:81:6c:29:e1:76:2e:
                    93:da:98:65:0e:31:23:4a:63:36:30:fd:54:40:28:
                    8d:bb:94:ef:00:f1:13:14:30:29:05:14:f5:59:2c:
                    a7:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:61:B2:54:3E:69:CD:F2:34:3F:A8:47:74:4D:70:AE:5C:06:73:81
            X509v3 Authority Key Identifier:
                keyid:D6:CC:E8:9E:EA:45:1B:82:94:A8:BB:69:7C:49:93:AE:44:D0:5C:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1szonupFG4KUqLtpfEmTrkTQXG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/0a627e-c40a-4590-8c9a-696e3d188f2a/1/SmGyVD5pzfI0P6hHdE1wrlwGc4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/0a627e-c40a-4590-8c9a-696e3d188f2a/1/1szonupFG4KUqLtpfEmTrkTQXG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:a6:77:80:40:d2:f1:14:c5:55:86:3e:a7:ba:b6:50:3f:11:
         4f:7e:1f:d1:2a:48:f3:a3:35:ae:89:0e:0b:55:dd:55:59:38:
         cf:b7:4e:39:96:66:81:bb:c3:1c:17:84:8d:af:d9:96:c8:c0:
         de:59:1d:fc:2f:cf:a7:71:19:0f:43:f5:ce:76:3e:d7:eb:f0:
         7b:c9:b5:9a:4e:cf:09:68:bc:0e:51:b8:a7:30:3e:7f:fd:42:
         8e:62:2c:35:2c:a6:69:43:b6:6d:6b:1d:80:46:56:5f:4f:b0:
         10:77:f9:da:b1:33:74:98:eb:bc:05:6c:0e:3f:f8:08:03:a4:
         3a:fa:42:cb:b8:80:d9:d8:9f:23:f4:db:73:d8:06:be:dd:26:
         99:14:0b:0e:15:9a:29:32:a7:6b:cf:22:fc:ec:f1:7f:e1:c8:
         49:d3:4d:84:8a:fd:f8:b4:09:3e:81:59:83:dd:23:1b:57:08:
         83:07:ef:d4:ec:52:fd:ed:ae:a9:4e:a2:fc:7a:07:03:d6:90:
         16:80:84:05:fa:aa:f7:4c:dd:21:ee:6e:f4:d1:42:49:13:a3:
         d3:45:1e:fb:dd:33:47:40:75:ff:cb:0f:be:e2:3b:58:65:65:
         04:c6:05:d5:5d:44:06:4d:d6:6d:89:8c:a3:97:1c:93:2f:4f:
         4b:a0:0a:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlDJl4JVri+3YHLWg6H/oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2Y2NlODllZWE0NTFiODI5NGE4YmI2OTdjNDk5M2FlNDRk
MDVjNmYwHhcNMjQwMTAyMDAzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTYxYjI1NDNlNjljZGYyMzQzZmE4NDc3NDRkNzBhZTVjMDY3MzgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz9GrDDINlS+UGuaUqzCCkl2X/erf
cpZA6sfg5sHvsWR3mc84ncNSfJ7ummw53gHqzIq/xesoLgWZ69BIPyEY1oV064oH
Ue7vXBODvLOIQP0sEDisWpi1oG8PQCC67RehUcYJQqaxyHR97nIjWijyDplGDWU3
B/Kit06F3a4kKaSljn6hk7HUSgkgbfeg/FiqvfoesyAEfNAMJZBFf4hAuoVdrynF
CSbYdmjAaJb0/mMB02wacd5lb+0YWbJJ4+jori0dFCsKDaICSswnTHYqopxWzAk5
lsmv+zWBbCnhdi6T2phlDjEjSmM2MP1UQCiNu5TvAPETFDApBRT1WSyntQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEphslQ+ac3yND+oR3RNcK5cBnOBMB8GA1UdIwQY
MBaAFNbM6J7qRRuClKi7aXxJk65E0FxvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXN6b251cEZHNEtVcUx0cGZFbVRya1RRWEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8wYTYyN2UtYzQwYS00NTkwLThjOWEt
Njk2ZTNkMTg4ZjJhLzEvU21HeVZENXB6ZkkwUDZoSGRFMXdybHdHYzRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8wYTYyN2UtYzQwYS00NTkwLThjOWEtNjk2ZTNkMTg4ZjJh
LzEvMXN6b251cEZHNEtVcUx0cGZFbVRya1RRWEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVW9MA0G
CSqGSIb3DQEBCwUAA4IBAQCXpneAQNLxFMVVhj6nurZQPxFPfh/RKkjzozWuiQ4L
Vd1VWTjPt045lmaBu8McF4SNr9mWyMDeWR38L8+ncRkPQ/XOdj7X6/B7ybWaTs8J
aLwOUbinMD5//UKOYiw1LKZpQ7Ztax2ARlZfT7AQd/nasTN0mOu8BWwOP/gIA6Q6
+kLLuIDZ2J8j9Ntz2Aa+3SaZFAsOFZopMqdrzyL87PF/4chJ002Eiv34tAk+gVmD
3SMbVwiDB+/U7FL97a6pTqL8egcD1pAWgIQF+qr3TN0h7m700UJJE6PTRR773TNH
QHX/yw++4jtYZWUExgXVXUQGTdZtiYyjlxyTL09LoAoJ
-----END CERTIFICATE-----